Bug #93624

closed

Switch user not possible in case target user activated MFA

Added by Oliver Bartsch about 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Category: Authentication
Target version: -
Start date: 2021-03-01
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In case an admin, having MFA disabled, tries to switch to another user (Switch-User) having MFA enabled, he is redirected to the auth_mfa route to verify MFA for the target user.

Explanation
- Having passed MFA successfully is indicated by the "mfa" key set to true in the user session record
- Since the admin, having MFA disabled, did not pass MFA, no such key exists
- When switching user, the admin's session is transformed into the switch-user session, still missing the "mfa" key
- Since the target user has MFA activated and there is no key in the session, the admin is required to pass MFA for the user, which is obviously not possible
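
The four steps above can be reproduced with a small model of the session state. This is an added example, not TYPO3 code and not the fix applied in the project; `User`, `Session`, `switch_user`, `original_uid` and both check functions are hypothetical names, and the switch-aware check is only one assumed way to resolve the dead end.

```python
# Simplified model of the session handling described in this issue.
# All names are hypothetical; this is not TYPO3 code.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    uid: int
    is_admin: bool = False
    mfa_active: bool = False


@dataclass
class Session:
    user: User
    data: dict = field(default_factory=dict)  # gets "mfa": True once MFA was passed
    original_uid: Optional[int] = None        # set only while in switch-user mode


def switch_user(session: Session, target: User) -> Session:
    """Transform the admin's session into the switch-user session (data is kept)."""
    if not session.user.is_admin:
        raise PermissionError("only admins may switch user")
    session.original_uid = session.user.uid   # assumption: set server-side only
    session.user = target
    return session


def mfa_required_reported(session: Session) -> bool:
    """Behaviour from the report: MFA active for the user and no "mfa" key."""
    return session.user.mfa_active and not session.data.get("mfa", False)


def mfa_required_switch_aware(session: Session) -> bool:
    """Assumed variant: a switch-user session is not asked for the target's MFA."""
    if session.original_uid is not None:
        return False
    return mfa_required_reported(session)


def scenario() -> tuple:
    admin = User(uid=1, is_admin=True, mfa_active=False)   # constructed sample users
    editor = User(uid=2, mfa_active=True)
    session = Session(user=admin)              # admin never passed MFA: no "mfa" key
    switch_user(session, editor)
    return mfa_required_reported(session), mfa_required_switch_aware(session)
```

The switch-aware variant is only safe if the switch-user marker can be set exclusively by the server after the admin permission check; a regular login as the MFA-enabled user still requires MFA under both checks.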
